| CVE | Vendors | Products | Updated | CVSS v3.1 |
| The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun"). |
| Livingston RADIUS code has a buffer overflow which can allow remote execution of commands as root. |
| HP Remote Watch allows a remote user to gain root access. |
| Windows NT RSHSVC program allows remote users to execute arbitrary commands. |
| Denial of service in Qmail through long SMTP commands. |
| Denial of service in talk program allows remote attackers to disrupt a user's display. |
| Bonk variation of teardrop IP fragmentation denial of service. |
| ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack." |
| cfingerd lists all users on a system via search.**@target. |
| ICMP redirect messages may crash or lock up a host. |
| The info2www CGI script allows remote file access or remote command execution. |
| Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution. |
| Netscape Enterprise servers may list files through the PageServices query. |
| Excite for Web Servers (EWS) allows remote command execution via shell metacharacters. |
| Denial of service in IIS using long URLs. |
| Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020. |
| The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets. |
| mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters. |
| AAA authentication on Cisco systems allows attackers to execute commands without authorization. |
| Buffer overflow in FreeBSD lpd through long DNS hostnames. |